package com.mall.common;

import javax.servlet.http.HttpServletRequest;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.reflect.MethodSignature;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

import java.lang.reflect.Method;

@Aspect
@Component
public class AuthCheckAspect {

    @Around("@annotation(com.mall.common.AuthCheck)")
    public Object checkAuth(ProceedingJoinPoint joinPoint) throws Throwable {
        ServletRequestAttributes attrs = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
        if (attrs == null) {
            throw new RuntimeException("No request context");
        }
        HttpServletRequest request = attrs.getRequest();
        String token = request.getHeader("Authorization");
        // 简单校验，实际可扩展为JWT等
        if (token == null || token.isEmpty()) {
            throw new RuntimeException("未认证，缺少Authorization头");
        }
        // 可扩展token校验逻辑
        return joinPoint.proceed();
    }
}
